Cryptology ePrint Archive: Report 2003/126

Certificateless Public Key Cryptography

Sattam S. Al-Riyami and Kenneth G. Paterson

Abstract: This paper introduces the concept of 'certificateless public
key cryptography' (CL-PKC). In contrast to traditional public key
cryptographic systems, CL-PKC does not require the use of
certificates to guarantee the authenticity of public keys. It does
rely on the use of a trusted third party (TTP) who is in
possession of a master key. In these respects, CL-PKC is similar
to identity-based public key cryptography (ID-PKC). On the other
hand, CL-PKC does not suffer from the key escrow property that
seems to be inherent in ID-PKC. Thus CL-PKC can be seen as a model
for the use of public key cryptography that is intermediate
between traditional certificated PKC and ID-PKC.

We make concrete the concept of CL-PKC by introducing
certificateless public key encryption (CL-PKE), signature and key
exchange schemes. We also demonstrate how hierarchical CL-PKC can
be supported. The schemes are all derived from pairings on
elliptic curves. The lack of certificates and the desire to prove
the schemes secure in the presence of an adversary who has access
to the master key requires the careful development of new security
models. For reasons of brevity, the focus in this paper is on the
security of CL-PKE. We prove that our CL-PKE scheme is secure in a
fully adaptive adversarial model, provided that an underlying
problem closely related to the Bilinear Diffie-Hellman Problem is
hard.

Category / Keywords: public-key cryptography /

Publication Info: An extended abstract of this work will appear in the Proceedings of Asiacrypt 2003